Download - 2010 SMB Information Protection Survey
![Page 1: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/1.jpg)
2010 SMB Information Protection Survey
Key Findings (Global Results)
![Page 2: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/2.jpg)
Methodology
• Applied Research telephone survey in May/June 2010
• 2,152 SMBs worldwide
– 50% 10-99 employees
– 50% 100-499 employees
• 28 countries
• Cross-industry
• Owners, managers, IT staff, consultants
2
![Page 3: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/3.jpg)
Key Findings
• SMBs are getting serious about information protection
• Loss of crucial information is a real threat
• Cyber attacks a real threat
![Page 4: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/4.jpg)
SMBs are serious about information protection
• SMBs rank data loss and cyber attacks their top business risk
• Top IT improvement areas: backup & recovery, DR, security
• Two thirds of IT time spent on information protection
• Median spend: $51K on information protection
![Page 5: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/5.jpg)
Loss of crucial business information a real threat
• 74 percent somewhat/extremely concerned
• 42 percent lost confidential/proprietary information in the past
• 100 percent saw losses (lost revenue, direct financial costs)
• Lost devices a big problem:
– 62 percent lost devices within past 12 months
– 100 percent have some devices that are not password protected
– 100 percent have devices that couldn’t be remotely wiped of data
![Page 6: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/6.jpg)
Cyber attacks a real threat
• 73 percent saw cyber attacks in past year
– 30 percent of attacks somewhat/extremely effective
• 100 percent saw losses:
– Downtime, theft of corporate data, personally identifiable information
• 100 percent saw direct costs:
– Loss of productivity, revenue and direct financial cost
• Annual cost of cyber attacks: $188,242
![Page 7: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/7.jpg)
Symantec’s Recommendations
• Educate employees
• Safeguard important business information
• Implement an effective backup and recovery plan
• Secure email and web assets
![Page 8: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/8.jpg)
Appendix: Full Results
![Page 9: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/9.jpg)
Information Protection Objectives
![Page 10: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/10.jpg)
Risks
9% 7%11%
19%
54%
7%14%
28%
30%
20%
10%
21%
35%24%
10%
20%
38%
17% 18%
8%
54%
20%
9% 9% 8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Data loss Cyber attacks Traditional criminal activity Natural disasters Terrorism
Q6: Please rank the following risks in order of significance to your organization.
1
2
3
4
5
![Page 11: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/11.jpg)
IT improvement areas
4% 4% 4% 3% 3% 3% 3% 5%
10% 11% 11% 11% 13% 13% 14%19%
18% 18% 19% 20%23%
27% 27%
30%
32% 29% 31% 34%31%
30%31%
26%
37% 38% 35% 32% 31% 28% 24%20%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Enhance our backup, recovery
and archiving systems
Enhance our ability to resume
computing as quickly as possible
after a disaster
Enhance our computer security
systems
Improve our computing
performance
Increase our data storage capacity
Reduce computing costs
Increase our internet
bandwidth
Be more "green
Q7: Please rate the following IT improvement areas for 2010.
1 - Absolutely unimportant 2 - Somewhat unimportant 3 - Average 4 - Somewhat important 5 - Absolutely important
![Page 12: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/12.jpg)
Expected change
47%
47%
7%
0% 10% 20% 30% 40% 50%
Significant changes
Minor changes
Virtually no changes
Q8: How would you characterize the level of change to your data protection infrastructure you expect over the next 12 months?
![Page 13: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/13.jpg)
Staffing & Budget
![Page 14: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/14.jpg)
Computer support team
56%
19%
15%
9%
1%
0% 20% 40% 60% 80% 100%
Internal staff
Consultants
Computer dealers/VARs/etc.
Friends
Other (Please indicate)
Q9: What percentage of your computer support team comes from each of the following?
(Means shown)
![Page 15: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/15.jpg)
Computing staff
241.1
0
50
100
150
200
250
300
Mean
Q10: How many different people (either inside or outside your company) work on your computing systems in your organization in all
offices combined?
![Page 16: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/16.jpg)
Computing staff growth
31%
24%
45%
0% 10% 20% 30% 40% 50%
More 12 months ago
About the same
Less 12 months ago
Q11: How does the number of people working on your computing systems compare to 12 months ago?
![Page 17: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/17.jpg)
Expecting computing staff growth
42%
15%
43%
0% 10% 20% 30% 40% 50%
More 12 months from now
About the same
Less 12 months from now
Q12: How will the number of people working on your computing systems change over the next 12 months?
![Page 18: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/18.jpg)
Computer support staff
27%
24%
18%
31%
0% 10% 20% 30% 40% 50%
Computer security
Backup, recovery and archival tasks
Disaster preparedness tasks
Other computing tasks
Q13: What percent of your computer support staff's time is spent in each of the following areas?
(Means shown)
![Page 19: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/19.jpg)
Skill sets
2% 1% 1% 1%3% 3% 4% 7%
13% 13%16%
22%
42%48%
48%
47%
41%35%
32%
23%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Other computer areas Backup, recovery and archival Computer security Disaster preparedness
Q14a: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?
1 - Extremely unskilled 2 - Somewhat unskilled 3 - Neutral 4 - Somewhat skilled 5 - Extremely skilled
![Page 20: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/20.jpg)
Skill sets
1% 2% 2% 2%6%
9% 9% 9%
46%47% 50% 50%
35% 29% 26% 27%
12% 13% 13% 12%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Disaster preparedness Computer security Backup, recovery and archival Other computer areas
Q14b: How would you characterize your company's proficiency and capacity for each of the following computing skill sets?
1 - Extremely overstaffed 2 - Somewhat overstaffed 3 - Neutral 4 - Somewhat understaffed 5 - Extremely understaffed
![Page 21: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/21.jpg)
Preventing factors
11%15%
10%13% 11% 11%
13%
24%31% 21% 30% 26%
20%
20%21%
27%
27% 33%28%
26% 18%
33%13%
15%
28%
15%20%
6%
19%14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
Our staff lacks the requisite skill set
We don't have enough budget
We get buried in emergencies
Not a priority for our company management
We don't have enough staff
Q15a: How important are each of these factors in terms of keeping your company from being more proficient in computer security?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
![Page 22: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/22.jpg)
Preventing factors
8%14%
5%12% 12% 14%
20%
20%32%
14%18%
21%
24%
21%24%
36%33%
31%
35%
41%27% 25%
30%17%
13%
4%12% 13%
7%
17%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
We get buried in emergencies
We don't have enough budget
Our staff lacks the requisite skill set
We don't have enough staff
Not a priority for our company management
Q15b: How important are each of these factors in terms of keeping your company from being more proficient in backup, restore and archival?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
![Page 23: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/23.jpg)
Preventing factors
10% 8% 10% 9% 6%
18%
13%19% 18%
23%25%
36%26%
27% 28%
28% 32%
26%
26%
28% 26%20%
23%
11%26%18% 19% 20%
13%8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
We get buried in the basic day-to-day tasks
Our staff lacks the requisite skill set
Not a priority for our company management
We don't have enough budget
We don't have enough staff
We get buried in emergencies
Q15c: How important are each of these factors in terms of keeping your company from being more proficient in disaster preparedness?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
![Page 24: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/24.jpg)
Preventing factors
12% 14% 14% 18% 21%17%
23% 21% 24%23%
32%
28%
21%28%
32%34%
26%
34%
28%
33% 20% 13%12%
19%16%
3%9% 11% 9%
2%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Not a priority for our company management
We don't have enough staff
Our staff lacks the requisite skill set
We get buried in the basic day-to-day tasks
We don't have enough budget
We get buried in emergencies
Q15d: How important are each of these factors in terms of keeping your company from being more proficient in other computer areas?
1 - Not a factor at all 2 - Only slightly a factor 3 - A factor 4 - Somewhat a factor 5 - Major factor
![Page 25: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/25.jpg)
Annual expenses
$40,000
$25,000
$16,000
$10,000
$0
$5,000
$10,000
$15,000
$20,000
$25,000
$30,000
$35,000
$40,000
$45,000
General computing Computer security Backup, recovery and archival Disaster preparedness
Q16: Please estimate how much you spend annually for each area.(Medians shown)
![Page 26: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/26.jpg)
Expense growth
19%17% 17%
14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Computer security Backup, recovery and archival General computing Disaster preparedness
Q17: What is the percentage change for each area over 2009?(Means shown)
![Page 27: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/27.jpg)
Expected expense change
19%17% 16%
14%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Computer security General computing Backup, recovery and archival Disaster preparedness
Q18: Looking ahead, what do you anticipate the percentage change for each area will be in 2011 when compared to 2010?
(Means shown)
![Page 28: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/28.jpg)
Augmenting capacity
1% 2% 4%
16%
30% 23%
15%
16%19%10%
11% 15%28%
16%16%
23% 17% 14%
8% 9% 9%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Using outside consultants Outsource our computer operations to an ISP Moving certain applications to "the cloud"
Q19: What methods -- if any -- do you use (or plan to use) to augment your internal staff's capacity in order to accomplish more than you could
on your own?
1 - Not familiar with this area 2 - Do not employ and no plans to do so 3 - Do not use this tactic, but are exploring
4 - Do not use, but plan to in the future 5 - Currently use in a minor way 6 - Currently use in a moderate way
7 - Currently use in a major way
![Page 29: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/29.jpg)
Cyber Attacks
![Page 30: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/30.jpg)
Cyber attacks
27%
51%
16%
5%
2%
0% 20% 40% 60% 80% 100%
No cyber attacks
A few cyber attacks
Cyber attacks on a regular basis
Large number of cyber attacks
Extremely large number of cyber attacks
Q20: Characterize the quantity of cyber attacks against your organization over the past 12 months.
![Page 31: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/31.jpg)
Cyber attack effectiveness
20%
24%
26%
19%
11%
0% 10% 20% 30% 40% 50%
Highly ineffective
Somewhat ineffective
Neutral
Somewhat effective
Highly ieffective
Q21: Rate the effectiveness of cyber attacks against your organization over the past 12 months.
![Page 32: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/32.jpg)
Cyber attack growth
7%
20%
48%
20%
5%
0% 10% 20% 30% 40% 50%
Significantly decreased
Somewhat decreased
Stayed the same
Somewhat increased
Significantly increased
Q22: Characterize the growth of cyber attacks against your organization over the past 12 months.
![Page 33: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/33.jpg)
Cyber losses
49%
25%
23%
23%
20%
16%
14%
0% 10% 20% 30% 40% 50%
Downtime of our environment
Theft of other corporate data
Theft of customer or employee PII
Theft of customer credit card information or other financial information
Theft of intellectual property
Theft of customer or employee PHI
Identity theft
Q23: Indicate which kinds of cyber losses you have experienced in the past.
(Mark all that apply.)
![Page 34: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/34.jpg)
Cyber attack costs
53%
27%
22%
21%
18%
18%
12%
12%
11%
0% 20% 40% 60% 80% 100%
Lost productivity
Lost revenue
Direct financial cost
Damaged reputation
Costs to comply with regulations after an attack
Loss of customer trust/damaged customer relationships
Litigation costs
Regulatory fines
Reduced stock price
Q24: Please indicate which costs your organization experienced as a result of cyber attacks in the past.
(Mark all that apply.)
![Page 35: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/35.jpg)
Monetary costs
$194,625
$145,045
$133,286
$116,121
$115,054
$63,920
$47,691
$32,429
$21,279
$0 $50,000 $100,000 $150,000 $200,000 $250,000
Direct financial cost
Reduced stock price
Damaged reputation
Loss of customer trust/damaged customer relationships
Lost revenue
Lost productivity
Costs to comply with regulations after an attack
Litigation costs
Regulatory fines
Q25: Please assign a total value, in monetary terms, of each of these losses in 2009.(Means shown)
![Page 36: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/36.jpg)
Cyber attack response
67%
44%
37%
32%
23%
0% 20% 40% 60% 80% 100%
Security software vendor site
Consultant, outsource vendor or reseller/VAR
Media
Blogs
Peers
Q26: When you have sustained a cyber attack, where do you go to find information about that type of attack and on how to respond?
(Mark all that apply)
![Page 37: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/37.jpg)
Changing protection
15%
33%
39%
11%
2%
0% 10% 20% 30% 40% 50%
Significantly easier
Somewhat easier
Neither easier nor harder
Somewhat harder
Significantly harder
Q27: How has protecting your computing systems changed over the past 12 months?
![Page 38: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/38.jpg)
Endpoint Security
![Page 39: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/39.jpg)
Endpoint vulnerabilities
18%14% 11%
18% 18%12% 12%
23%25%
26%
28% 28%
26% 26%
17% 21%
31%
23% 26%35% 36%
31% 31%
27% 27% 26% 22% 23%
11% 10%4% 5% 4% 5% 4%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Windows-based desktop PCs
Windows-based laptops
Tablets like the Apple iPad
Apple Mac desktops Apple Mac laptops Smart phones PDA with no phone
Q29: How vulnerable to security breaches are each of these endpoints?
1 - Extremely safe and protected 2 - Somewhat safe and protected 3 - Neutral 4 - Somewhat vulnerable 5 - Extremely vulnerable
![Page 40: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/40.jpg)
Endpoint selection and approval
10% 9% 9% 7% 8% 9% 6%
16% 18% 17% 19% 16% 15% 16%
26%21%
27%
16%23% 24%
20%
17%
17%
19%
19%
18% 18%21%
31%36%
28%
41%36% 35% 37%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
PDA with no phone Apple Mac desktops Smart phones Windows-based desktop PCs
Apple Mac laptops Tablets like the Apple iPad
Windows-based laptops
Q30: What is your company policy for each of the following endpoints in terms of who selects/approves devices that can be used on your
network?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Complete company selected
![Page 41: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/41.jpg)
Endpoint selection and approval
12% 11% 8% 8% 6% 7% 7%
11% 8%6% 5% 7% 6% 4%
17% 17%
15% 15% 17% 17% 17%
21% 16%
19%15% 20% 20% 15%
39% 39%45%
49% 49% 50% 46%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Smart phones PDA with no phone Apple Mac laptops Apple Mac desktops Windows-based laptops
Windows-based desktop PCs
Tablets like the Apple iPad
Q31: Regardless of your actual policy, in practice what percentage of your endpoints was selected by your employees vs. by the company?
1 - Completely employee selected 2 - Mostly employee selected
3 - Joint effort, input from employee and company 4 - Mostly company selected
5 - Completely company selected
![Page 42: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/42.jpg)
Employee-selected endpoints
5% 6% 7% 5% 5% 4%
18% 17% 15% 15% 16%12%
37% 40%38% 37% 35%
35%
26% 25%
24% 26%28%
30%
13% 12%17% 16% 17% 19%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Installation Purchasing Security Endpoint management Training Productivity
Q31b: What is the impact of employee-selected endpoints to your organization?
1 - Extremely negative 2 - Somewhat negative 3 - Neutral 4 - Somewhat positive 5 - Extremely positive
![Page 43: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/43.jpg)
Employee-selected endpoints
5% 7% 7% 7% 10% 11%
22%14% 13%17% 16%
16% 17%
10%18%
29%
29% 32%34% 32%
46%
27%
27%
31% 30%27% 26%
14%36%
25%
15% 15% 14% 14%9%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Owner/upper management
Engineering Sales Marketing Staff Accounting Other (please specify)
Q32: Which types of employees are most likely to want to select their own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
![Page 44: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/44.jpg)
Employee-selected endpoints
5% 4%10%
13% 13%
22%
23% 28%
36%
31%
38%
19%
28%
18%13%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Younger than 30 30 to 49 50 and older
Q33: Which employee age group is most likely to want to select their own endpoints?
1 - Extremely unlikely 2 - Somewhat unlikely 3 - Neutral 4 - Somewhat likely 5 - Extremely likely
![Page 45: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/45.jpg)
Password protection
81%
74%
42%
35%
32%
23%
16%
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs
Windows-based laptops
Apple Mac desktops
Apple Mac laptops
Smart phones
Tablets like the Apple iPad
PDA with no phone
Q34: Which of the following endpoint devices does your company insure are password protected?
![Page 46: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/46.jpg)
Remote wipes
62%
52%
32%
28%
25%
18%
12%
0% 20% 40% 60% 80% 100%
Windows-based desktop PCs
Windows-based laptops
Smart phones
Apple Mac desktops
Apple Mac laptops
Tablets like the Apple iPad
PDA with no phone
Q35: In case of theft or accidental loss, which of the following endpoint devices can be remotely wiped clean of all information?
![Page 47: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/47.jpg)
Endpoint security safeguards
92%
72%
40%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Antimalware Client firewalls Client intrusion-detection
Q36: Which of the following endpoint security safeguards do you use?
![Page 48: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/48.jpg)
Incidents sustained
462
259
243
101
31
26
22
0 50 100 150 200 250 300 350 400 450 500
Windows-based desktop PCs
Windows-based laptops
Apple Mac desktops
Apple Mac laptops
PDA with no phone
Tablets like the Apple iPad
Smart phones
Q37: Worldwide, how many incidents/attacks have you sustained against each of these endpoints in the past 12 months?
(Asked only of those who use each endpoint)
![Page 49: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/49.jpg)
Remediating attacks
7.9
7.27
7
6.96
6.88
6.09
6.07
0 1 2 3 4 5 6 7 8 9
Windows-based desktop PCs
Windows-based laptops
PDA with no phone
Apple Mac laptops
Tablets like the Apple iPad
Smart phones
Apple Mac desktops
Q38: What is the average time spent by your company (or consultants on behalf of your company) remediating attacks on each of these
endpoints for a single attack?(Means shown)
![Page 50: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/50.jpg)
Improper configurations
26%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q39: What percentage of the aforementioned attacks was the result of improper configurations such as missed OS patches, incorrect security
settings, out of date virus profiles, etc.?
![Page 51: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/51.jpg)
Lost and stolen devices
26.88
23.57
22.23
21.55
20.55
19.96
18.63
0 5 10 15 20 25 30
PDA with no phone
Windows-based laptops
Apple Mac desktops
Tablets like the Apple iPad
Windows-based desktop PCs
Smart phones
Apple Mac laptops
Q40: How many of each of these mobile devices are lost or stolen worldwide within your organization annually?
(Means shown)
![Page 52: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/52.jpg)
Windows 7
18%
28%
15%
9%
8%
13%
9%
0% 10% 20% 30% 40% 50%
No plans to upgrade to Windows 7 at this time
We are currently discussing if and when we will upgrade to Windows 7
We plan to upgrade after Windows 7 SP2 is released
We plan to upgrade after Windows 7 SP1 is released
We plan to upgrade to the current version of Windows 7
We are currently in the process of upgrading to Windows 7
We have already upgraded to Windows 7
Q41: What are your plans for Windows 7?
![Page 53: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/53.jpg)
Windows 7
21%
46%
29%
3%
1%
0% 10% 20% 30% 40% 50%
Significantly improve security
Somewhat improve security
Neither improve nor worsen security
Somewhat worsen security
Significantly worsen security
Q42: How do you think Windows 7 will affect endpoint security?
![Page 54: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/54.jpg)
Confidential/proprietary data
36%
38%
22%
4%
1%
0% 10% 20% 30% 40% 50%
Extremely concerned
Somewhat concerned
Neutral
Somewhat unconcerned
Extremely unconcerned
Q43: How concerned are you regarding the loss of confidential/proprietary data?
![Page 55: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/55.jpg)
Confidential/proprietary data
Yes42%
No58%
Q44: Have you lost confidential/proprietary data in the past?
![Page 56: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/56.jpg)
Confidential/proprietary data
24%
21%
19%
13%
12%
12%
0% 10% 20% 30% 40% 50%
Outsider illegally took data
Insider accidentally lost data
Insider illegally took data
Partner company accidentally lost data
Partner company illegally took data
Broken business process exposed confidential information
Q45: What percentage of your past losses of confidential/proprietary data have come from each of the following areas?
(Means shown)
![Page 57: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/57.jpg)
Consequences of data loss
46%
40%
40%
38%
28%
27%
25%
21%
20%
5%
0% 10% 20% 30% 40% 50%
Lost revenue
Damaged brand reputation
Direct financial cost
Loss of customer trust/damaged customer relationships
Litigation costs
Lost productivity
Loss of organization, customer or employee data
Costs to comply with regulations after a data loss incident
Regulatory fines
Reduced stock price
Q46: What have been the consequences of data loss to your organization?
(Mark all that apply.)
![Page 58: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/58.jpg)
Messaging/Collaboration Security
![Page 59: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/59.jpg)
Email systems
76%
38%
30%
0% 20% 40% 60% 80% 100%
Client-Server corporate email system
Web-based consumer mail system
SaaS corporate email system
Q47: What kind of email systems are used within your organization?(Mark all that apply.)
![Page 60: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/60.jpg)
Email systems
82%
20%
10%
0% 20% 40% 60% 80% 100%
Microsoft Exchange
IBM Lotus Domino
Other (Please specify)
Q48: Which client-server corporate email system(s) do you use?
![Page 61: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/61.jpg)
Email systems
45%
35%
20%
17%
16%
0% 10% 20% 30% 40% 50%
Google Business Email
Cisco WebEx
Other (Please specify)
SaaS option offered by your ISP
LotusLive iNotes
Q49: Which SaaS corporate email system(s) do you use?
![Page 62: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/62.jpg)
Email systems
52%
45%
41%
16%
11%
0% 20% 40% 60% 80% 100%
Gmail
Yahoo! Mail
Windows Live Hotmail
Other (Please specify)
AOL Mail
Q50: Which web email system(s) do you use?
![Page 63: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/63.jpg)
Collaboration systems
71%
25%
17%
0% 20% 40% 60% 80% 100%
Microsoft SharePoint
IBM Lotus Domino/Notes
Other (Please specify)
Q51: What kind of collaboration systems are used within your organization?
(Mark all that apply.)
![Page 64: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/64.jpg)
Instant messaging
41%
35%
34%
17%
17%
17%
9%
8%
5%
3%
0% 10% 20% 30% 40% 50%
Windows Live Messenger
Yahoo!
Google Talk
Other (Please specify)
AIM (AOL Instant Messenger)
Microsoft Office Communications Server (OCS)
ICQ
IBM Lotus Sametime
OCS
Q52: What Instant Messaging (IM) systems are used officially within your organization?
![Page 65: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/65.jpg)
Social media tools
45%
51%
39%
59%
50%
46%
38%
35%
39%
34%
0% 20% 40% 60% 80% 100%
Microblogging
Blogs
Podcasts
Social networking sites
Multimedia sharing sites
Q53: Which of the following social media tools are used within your organization?
Unofficially (for personal use)
Officially (for business use)
![Page 66: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/66.jpg)
Social networking
37%
61%
47%
10%
46%
41%
25%
3%
0% 20% 40% 60% 80% 100%
MySpace
Other (Please specify)
Q54: Which social networking sites are used within your organization?
Unofficially (for personal use)
Officially (for business use)
![Page 67: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/67.jpg)
Security threats
5% 5% 6% 5% 7% 6% 6% 5% 7%
11%15% 10% 13%
14% 13% 13% 15% 13%
34%31% 38%
38%37% 42%
44% 45% 47%
36% 34% 30%31% 32% 28%
26% 25%24%
15% 15% 17%13% 11% 12% 10% 10% 8%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Web-based consumer email
Client-server corporate email
systems
Social networking sites
Instant messaging
SaaS corporate email systems
Microblogging Blogs Corporate collaboration
suite
Podcasts
Q55: How would you rate the security threat for each messaging/collaboration tool?
1 - Extremely low 2 - Somewhat low 3 - Neutral 4 - Somewhat high 5 - Extremely high
![Page 68: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/68.jpg)
Messaging/collaboration tools
137
121
105
82
44
43
40
33
25
0 20 40 60 80 100 120 140 160
SaaS corporate email systems
Client-server corporate email systems
Instant messaging
Web-based consumer email
Social networking sites
Microblogging
Blogs
Podcasts
Corporate collaboration suite
Q56: How many individual security incidents have you experienced worldwide within your organization for each of these messaging/collaboration tools in the past 12 months?
(Means shown)
![Page 69: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/69.jpg)
Messaging/collaboration tools
17% 15% 16% 17% 16% 19% 21%
33%24%
29%28% 26%
33%28%
39% 35%
41%
38%
40% 44% 46%
39%46%
33% 37%
22%
34%
10% 10% 9% 9% 8% 7% 6% 3% 3%4% 2% 3% 2% 2% 1% 1% 1% 1%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Social networking sites
Microblogging Blogs Instant messaging
Podcasts Web-based consumer email
Corporate collaboration
suite
Client-server corporate email
systems
SaaS corporate email systems
Q57: How well-protected are you for each of these messaging/collaboration tools?
1 - Extemely protected 2 - Somewhat protected 3 - Neutral 4 - Somewhat unprotected 5 - Extremely unprotected
![Page 70: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/70.jpg)
Backup, Recovery, and Archiving
![Page 71: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/71.jpg)
Backup/archiving solutions
0% 1% 1%2%5% 7%
8%
12%17%
21%
20%
23%
69%62%
53%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Backup and recovery of data Backup and recovery of systems Archiving
Q58: What is your status regarding the following solutions in your organization?
1 - Not sure what this solution does 2 - Not installed and no plans to do so 3 - Discussing 4 - Implementing 5 - Already installed
![Page 72: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/72.jpg)
Data backup
47%
31%
16%
6%
0%
1%
0%
0% 10% 20% 30% 40% 50%
Never
Daily
Weekly
Monthly
Quarterly
Annually
Once in a long while
Q59: How often does your company back up its data?
![Page 73: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/73.jpg)
Data backup
63%
42%
35%
27%
17%
1%
0% 20% 40% 60% 80% 100%
Network storage (hard disk)
Portable hard disk
Tape
DVDs or BluRay
We store data online with a service provider
Other (Please specify)
Q60: Where do you store your information once you back up your files?(Mark all that apply.)
![Page 74: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/74.jpg)
Data backup
72%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q61: What percentage of company/customer information on your computer is regularly backed up?
![Page 75: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/75.jpg)
Deduplication
13%
22%
28%
32%
4%
0% 10% 20% 30% 40% 50%
Not installed and no plans to do so
Discussing
Implementing
Already installed
Not sure what this solution does
Q62: What is the status of your company's use of "deduplication" technology?
![Page 76: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/76.jpg)
Backup recovery
16.87
0
2
4
6
8
10
12
14
16
18
Mean
Q62b: In the past 12 months, how many times have you needed to recover one or more files from your backup media?
![Page 77: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/77.jpg)
Backup recovery
5.37
0
1
2
3
4
5
6
Mean
Q63: In the past 12 months, how many times has the recovery process failed?
![Page 78: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/78.jpg)
Backup recovery
74%
45%
32%
0% 20% 40% 60% 80% 100%
Lost productivity
Financial loss
Embarrassment
Q64: What were the consequences of these recovery failures?(Mark all that apply.)
![Page 79: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/79.jpg)
Backup applications
22%
15%
12%
10%
10%
9%
8%
5%
4%
3%
3%
0% 10% 20% 30% 40% 50%
Microsoft Data Protection Manager
Symantec Backup Exec
Symantec Backup Exec System Recovery
HP Data Protector
Other (Please specify)
IBM Tivoli Storage Manager
Symantec NetBackup
EMC Networker
CA ARCserve
EMC Avamar
CommVault Simpana
Q65: What application do you use for backup?
![Page 80: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/80.jpg)
Data backup
39%
15%
15%
15%
8%
6%
0%
0% 10% 20% 30% 40% 50%
Never occurred to us to do so
Our data is not that critical to our business
Not a priority
Lack of skills/unqualified personnel
Lack of resources
Lack of time
Other (Please specify)
Q66: Why don't you back up your data?
![Page 81: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/81.jpg)
Archiving
4%8% 7% 9%
31%
43% 48%48%
65%
50%45% 43%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Moving files off primary storage to another hard disk for long-term
storage
Providing tools to facilitate the recovery of archived information for
eDiscovery requests
Deduplication/compression Active management of the archived information
Q67: Which of the following features are needed for an archiving system to be complete?
1 - Not required, not necessary 2 - Optional, but nice to have 3 - Required
![Page 82: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/82.jpg)
Archiving
50%
48%
3%
0% 20% 40% 60% 80% 100%
We use our backup software
We use software designed specifically for archiving
Other (Please specify)
Q68: What do you use to archive information in your organization?
![Page 83: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/83.jpg)
Archiving
33%
15%
15%
10%
7%
6%
6%
5%
4%
1%
0% 10% 20% 30% 40% 50%
Microsoft Exchange
Symantec Enterprise Vault
Other (Please specify)
IBM CommonStore
CommVault Simpana
Autonomy Zantaz EAS
EMC EmailXtender
EMC Source One
Autonomy/Zantaz Digital Safe
Mimosa NearPoint
Q69: Which archiving solution do you use?
![Page 84: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/84.jpg)
Backup vs. Archiving solutions
52%
47%
42%
34%
17%
3%
0% 20% 40% 60% 80% 100%
I can use existing staff/resources
It is good enough
Using my backup solution doesn't require new training
Cost issues
Takes less time
Other (Please specify)
Q70: Why do you use backup software for your archiving needs instead of a specific archiving solution?
![Page 85: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/85.jpg)
Disaster Preparedness
![Page 86: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/86.jpg)
Natural disasters
Yes52%
No48%
Q71: Is your region susceptible to natural disasters?
![Page 87: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/87.jpg)
Disaster preparedness
13%
30%
18%
15%
15%
8%
0% 10% 20% 30% 40% 50%
We don't have one.
We have a general plan, but it is informal or undocumented.
We have a written plan, but it needs work.
We have a written plan that is "average."
We have a written plan that is "pretty good."
We have a written plan that is "excellent."
Q72: What is the state of your data center's disaster preparedness plan (actions taken during an event)?
![Page 88: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/88.jpg)
Disaster preparedness
36%
25%
25%
24%
19%
8%
0% 10% 20% 30% 40% 50%
Not a priority
Never occurred to us to have one
Our computer systems are not that critical to our business
Lack of resources
Lack of skills/unqualified personnel
Other (Please specify)
Q73: What has kept you from developing a plan or formal process to deal with outages or disruptions to your computer resources?
(Mark all that apply.)
![Page 89: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/89.jpg)
Disaster recovery
64%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Mean
Q74: How confident are you in your organization's disaster recovery plan?
![Page 90: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/90.jpg)
Disaster recovery testing
18%
12%
18%
15%
7%
15%
3%
5%
3%
3%
1%
0% 10% 20% 30% 40% 50%
Never
Every few years
Once a year
Twice a year
3 times a year
Quarterly
Every other month
Monthly
Twice a month
Weekly
More than weekly
Q75: How often do you test your DR plan?
![Page 91: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/91.jpg)
Disaster declarations
6.69
0
1
2
3
4
5
6
7
8
Mean
Q76: How many times have you had to declare a disaster and perform recovery operations at a recovery site in the past five years?
![Page 92: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/92.jpg)
Disaster causes
53%
37%
29%
25%
22%
13%
12%
10%
10%
9%
9%
5%
3%
3%
2%
0% 20% 40% 60% 80% 100%
Power failure
Computer hardware failure
Network failure
Computer software failure
User/operator error
Malicious employee behavior
Flood
Winter storm
Fire
Hurricane
Data leakage or loss
Earthquake
Terrorism or war
Tornado
Chemical spill
Q77: What were the causes of these disasters?(Mark all that apply.)
![Page 93: 2010 SMB Information Protection Survey](https://reader033.vdocuments.us/reader033/viewer/2022052900/5563605dd8b42ae6088b47a3/html5/thumbnails/93.jpg)
Disaster recovery
3%
11%
33%
32%
21%
0% 10% 20% 30% 40% 50%
Significantly poorly
Somewhat poorly
Neutral
Somewhat well
Significantly well
Q78: In general, how well did your disaster recovery plan work?